Aggregator

零日漏洞就像忍者暗杀 - 听起来很刺激，但你更可能S于心脏病。

零日漏洞就像忍者暗杀 - 听起来很刺激，但你更可能S于心脏病。

交通拥堵等情形下不少人会有“路怒症”表现。在一项新研究中，英国英吉利拉斯金大学等机构研究人员调查了车辆噪音污染对加拉帕戈斯黄莺的影响，发现那些暴露在车辆噪音中的加拉帕戈斯黄莺也存在“路怒”倾向，即表现出更强的攻击性。研究团队在加拉帕戈斯群岛选取了两个岛进行实验，共涉及黄莺分布较多的38个地点。其中有20个地点靠近道路，另外18个地点离道路较远，超过100米。针对对照组黄莺，研究人员只用扬声器播放鸟鸣声来模拟入侵者；而对于实验组黄莺，除了播放模拟入侵者的鸟鸣声，还同时伴有录制的交通噪音。结果显示，与对照组相比，在这两个岛上生活在道路附近的实验组加拉帕戈斯黄莺都表现出更强的攻击性，而远离道路的实验组黄莺则都表现出较低的攻击性。这一研究结果凸显了人类活动对野生动物行为的影响，在动物保护工作中，需要考虑野生动物行为的可塑性并制定策略以减轻噪音污染对它们的影响。

包括网络钓鱼分、告警分类、访问策略优化、漏洞修复等

Google fixed a flaw in the Chrome browser for Windows that was actively exploited in attacks targeting organizations in Russia. Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783, in Chrome browser for Windows. The flaw was actively exploited in attacks targeting organizations in Russia. The vulnerability is an incorrect handle […]

Microsoft and Veeam are investigating a known issue that triggers connection errors on Windows 11 24H2 systems when restoring from Veeam Recovery Media. [...]

关于日本文部科学省申请下令解散“世界和平统一家庭联合会”（原“统一教会”）一事，东京地方法院 25 日依据《宗教法人法》发出了解散命令。法院指出，捐款令至少超过 1500 人蒙受了约 204 亿日元的损失，“造成了规模空前的巨额损失”，且这样的损失最近仍在持续，教团也未采取充分的应对措施，法院认为除剥夺法人资格外没有有效的处置手段。这是继奥姆真理教等之后第三例以该法规定的“违反法令”为由作出的解散命令决定，也是首个以非法募集捐款等《民法》的不法行为为根据的案例。前首相安倍晋三遭枪击身亡案引发关注，捐款造成损失等再度成为社会问题，教团与政界的密切关系也充分暴露，法院此次对教团做出了严厉的司法判断。教团会长田中富广称，“这是对信教自由的侵害。无论如何都无法接受”，表示拟立即提出申诉。今后若东京高等法院支持该决定，解散命令就将生效。教团方面仍可向最高法院提出申诉。

Broadcom addressed a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230, in VMware Tools for Windows. Broadcom released security updates to address a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230 (CVSS score 9.8), impacting VMware Tools for Windows. VMware Tools for Windows is a suite of utilities that enhances the performance and usability of virtual machines […]

A vulnerability was found in Huawei YutuFZ-5651S1 3.31.2.0. It has been rated as critical. This issue affects some unknown processing of the component SenaryAudio. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2023-52972. An attack has to be approached locally. There is no exploit available.

Three cybersecurity firms worked with Interpol and authorities in Nigeria, South Africa, Rwanda, and four other African nations to arrest more than 300 cybercriminals.

A vulnerability, which was classified as critical, has been found in PluXml 5.1.5. Affected by this issue is some unknown functionality. The manipulation of the argument default_lang leads to path traversal. This vulnerability is handled as CVE-2012-2227. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.33/5.16.19/5.17.2 and classified as critical. This issue affects the function _scsih_expander_node_remove. The manipulation of the argument Local leads to use after free. The identification of this vulnerability is CVE-2022-49082. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in PureThemes Realteo Plugin up to 1.2.8 on WordPress. Affected by this issue is the function do_register_user. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2025-2232. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.2.16. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file adicionar_tipo_docs_atendido.php. The manipulation of the argument tipo leads to cross site scripting. This vulnerability is known as CVE-2025-29782. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.